Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-23 Thread Yoav Nir
On Feb 22, 2010, at 5:48 PM, Stephen Kent wrote: At 7:22 PM +0530 2/22/10, Syed Ajim Hussain wrote: Hi Steve According to me IPSEC/IKE should have intelligence by by-pass ND Traffic when SA is not ready state without end-user intervention, and same should be accepted by other

Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-23 Thread Stephen Kent
Yoav, I did not mean to suggest that the SPD UI has to be a low level interface that makes it difficult for users to achieve their security goals. On the other hand, I would be surprised if any vendor's UI really accepted English (or another human communication language). So, despite the

Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-21 Thread Yoav Nir
On Feb 19, 2010, at 6:30 AM, Syed Ajim Hussain wrote: Hi Yoav Nir All Group Member Thanks for your quick response. I think, instead of user takes special care by adding extra Rule to allow un-encrypted ND traffic (unicast), there should be some RFC guidelines, such that IPSEC/IKE

Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-20 Thread Stephen Kent
At 10:00 AM +0530 2/19/10, Syed Ajim Hussain wrote: Hi Yoav Nir All Group Member Thanks for your quick response. I think, instead of user takes special care by adding extra Rule to allow un-encrypted ND traffic (unicast), there should be some RFC guidelines, such that IPSEC/IKE

Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-19 Thread Tero Kivinen
Syed Ajim Hussain writes: Thanks for your quick response. I think, instead of user takes special care by adding extra Rule to allow un-encrypted ND traffic (unicast), there should be some RFC guidelines, such that IPSEC/IKE protocol itself can take care. It will be problem in

[IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-18 Thread Syed Ajim Hussain
Hi All IPv6 Peer1 -- IPv6 Peer 2 I have one question, for IKE IPv6 Solution. Assume in IPsec6 Policy I have configured Source IPv6 Address and Destination IPv6 Address as Traffic selector, now IPSEC SA is not yet established. When IKE Triggers, SA

Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-18 Thread Yoav Nir
To: ipsec@ietf.org Subject: [IPsec] IKE6 Negitaion when Peer Address ND not yet started. Hi All IPv6 Peer1 -- IPv6 Peer 2 I have one question, for IKE IPv6 Solution. Assume in IPsec6 Policy I have configured Source IPv6 Address and Destination IPv6 Address

Re: [IPsec] IKE6 Negitaion when Peer Address ND not yet started.

2010-02-18 Thread Syed Ajim Hussain
Subject: RE: [IPsec] IKE6 Negitaion when Peer Address ND not yet started. Hi, Syed Ajim. In future please expand acronyms, because while it's safe to assume that anyone reading this list knows what an SA is, not all of us are proficient in IPv6 terminology. Having said that, policies usually